package com.yes.xr.jdbc;

import java.sql.*;
import java.util.Scanner;

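/**
 * Console login demo against a local MySQL database. It contrasts a query built by string
 * concatenation ({@link #login}) with a parameterized query ({@link #loginplus}).
 *
 * <p>Security notes for anyone reusing this code:
 * <ul>
 *   <li>{@code login} is kept only as the insecure counter-example; {@code main} calls
 *       {@code loginplus}.</li>
 *   <li>The query compares against {@code MD5(?)}. An unsalted MD5 digest is not suitable for
 *       password storage; a real system should store a salted, slow password hash
 *       (bcrypt/scrypt/argon2) and verify it in the application.</li>
 *   <li>The connection settings below are hard-coded demo values; see the note on the
 *       constants.</li>
 * </ul>
 */
public class Login {
    // NOTE(review): demo-only settings. Credentials committed to source should be treated as
    // exposed. Load them from configuration or the environment, and connect with a
    // least-privileged account instead of root. useSSL=false also means the plaintext password
    // bound into MD5(?) travels unencrypted to the server, which is tolerable only because the
    // host is localhost.
    private static final String DB_URL = "jdbc:mysql://localhost:3306/text1?useSSL=false";
    private static final String DB_USER = "root";
    private static final String DB_PASSWORD = "985211";
    // Legacy Connector/J driver class name, kept as in the original file.
    private static final String DRIVER_CLASS = "com.mysql.jdbc.Driver";

    /**
     * Prompts for an account name and a password on standard input and runs the parameterized
     * login check.
     *
     * @param args unused
     * @throws Exception if the driver cannot be loaded or the database call fails
     */
    public static void main(String[] args) throws Exception {
        try (Scanner scanner = new Scanner(System.in)) {
            System.out.println("请输入账号：");
            String username = scanner.nextLine();

            System.out.println("请输入密码：");
            String password = scanner.nextLine();

            // The concatenating variant, login(username, password), is intentionally not used.
            loginplus(username, password);
        }
    }

    /**
     * Insecure counter-example: builds the SQL text by concatenating the caller's input.
     *
     * <p>Because {@code n} and {@code p} become part of the statement text, any quote or other
     * SQL syntax they contain is parsed as SQL rather than as data, so the WHERE clause can no
     * longer be relied on to check both the user name and the password. Do not call this with
     * untrusted input; use {@link #loginplus} instead.
     *
     * @param n user name as typed
     * @param p password as typed
     * @throws Exception if the driver cannot be loaded or the database call fails
     * @deprecated vulnerable to SQL injection; kept only to contrast with {@link #loginplus}
     */
    @Deprecated
    public static void login(String n, String p) throws Exception {
        // The password is deliberately no longer echoed: secrets should not be printed or logged.
        System.out.println("username=" + n);
        String sql = "SELECT id FROM `user` WHERE username='" + n
                + "' AND `password`= MD5('" + p
                + "')";
        // try-with-resources closes the result set, statement and connection even on failure.
        try (Connection connection = openConnection();
                Statement statement = connection.createStatement();
                ResultSet set = statement.executeQuery(sql)) {
            report(set.next());
        }
    }

    /**
     * Checks the credentials with a {@link PreparedStatement}, so both values are sent as bound
     * parameters and never become part of the SQL text.
     *
     * @param n user name as typed
     * @param p password as typed
     * @throws Exception if the driver cannot be loaded or the database call fails
     */
    public static void loginplus(String n, String p) throws Exception {
        // The password is deliberately no longer echoed: secrets should not be printed or logged.
        System.out.println("输入的账号：" + n);
        String sql = "SELECT id FROM `user` WHERE username=? AND `password`= MD5(?)";

        try (Connection connection = openConnection();
                PreparedStatement ps = connection.prepareStatement(sql)) {
            // Parameter indexes are 1-based: the first '?' is 1, the second '?' is 2.
            ps.setString(1, n);
            ps.setString(2, p);
            try (ResultSet set = ps.executeQuery()) {
                report(set.next());
            }
        }
    }

    /** Loads the JDBC driver and opens a connection with the demo settings above. */
    private static Connection openConnection() throws ClassNotFoundException, SQLException {
        Class.forName(DRIVER_CLASS);
        return DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD);
    }

    /** Prints the login outcome: "ok" when a row matched, "damie" otherwise. */
    private static void report(boolean matched) {
        System.out.println(matched ? "ok" : "damie");
    }
}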
